At GuardRails, we focus on security that doesn't get in your way. That also means eliminating noise such as irrelevant security issues and false alerts. We want to ensure that you, your software developers, and your security engineers don't have to waste time looking at a long list of possible issues.
GuardRails has ever-improving false positive detection logic that benefits from everyone who marks issues as false positives or not false positives in the dashboard, or who simply reaches out to us with incorrect findings.
We are already exploring how machine learning can further improve this detection, so stay tuned for news on that front.
Reporting False Positives
There are three ways in which you can report false positives:
1. Via Email
Just send us an email to firstname.lastname@example.org and tell us what is wrong.
Please include the name of the repository, the finding category, the filename and line number, and, if possible, a brief description of why this is a false positive.
2. Via PR Comment
The PR comments contain a link to a feedback form. Just answer the questions and mention the false positives in section 4.
3. Via the Dashboard
We are currently working on adding a feature to the dashboard that makes it easy to mark vulnerabilities as false positives. We will store the feedback automatically and no longer show those findings as vulnerabilities. This will be integrated with our machine learning models in the future for automatic processing.